question

hardik-joshi avatar image
hardik-joshi asked ·

Persist Access Token Life Time

I want to persist access token life time remain same once i got after login.is there any way to do it ?. other thing is can i get access token from back end without opening RingCentral Popup or login page ? 

we are having C# and JavaScript base application.
topic-default
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered ·
"persist access token life time" is impossible for security reasons. What you can do is to refresh your access token periodically to make it always non-expired.  Refresh token can live as long as a week, so you can refresh access token once a week to make it non-expired.
2 comments Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hi Tyler,

how can i persist token using c# sdk, i am really need to maintain token life time. i am doing 'await rc.Authorize()' every time when i want to communicate with API.

Thanks,
Hardik Joshi
0 Likes 0 · ·
https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L54 You can either get or set token.

So once you have the token, get it and serialize it to JSON, save it to somewhere.

After some time, when you need the token again, read the JSON, deserialize it to token and set to the rc object.

Please pay attention:

  • access token expires in an hour. You need to call rc.Refresh() if it expires
  • refresh token expires in a week. You'd have to Authorize() again if it expires
  • each user can have as many as 5 live tokens. If you ask for more (call Authorize() 6 times for example), old tokens will expire.
0 Likes 0 · ·
Tyler Liu avatar image
Tyler Liu answered ·
"can i get access token from back end without opening RingCentral Popup or login page"

Please read  http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#authorization-flows . If you use authorization code flow, RingCentral Popup or login page is inevitable. If you use password flow, you don't need RingCentral login page because you can login via code programmatically. However, not every app supports password flow for security reasons.
Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

vb avatar image
vb answered ·
Also, if the access token and refresh tokens are captured and maintained at the backend (maybe in a db), you can run a script to keep the access token/refresh token pair active and the user's auth will not expire. 
Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban Sen Chowdhary avatar image
Anirban Sen Chowdhary answered ·

Since the Access token has expiration time of 60 minutes , one of the easy and better way would be use Cache and storing it into Cache for 30 mins rather than persisting it into a database.

This will also help in efficient call of API reducing the rate limit issue. Storing in DB will not be a good idea as it will be expiring after 60 mins and so no use of persisting it .

You can also generate the access token from refresh token whose expiration time is longer compared to access token

"other thing is can i get access token from back end without opening RingCentral Popup or login page ? "

For grant type =Authorization code, you will be compulsorily getting login page , but you can you can avoid it if you use grant type =Password


Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.